About VPN device configuration scripts

A cross-premises VPN connection consists of an Azure VPN gateway, an on-premises VPN device, and an IPsec S2S VPN tunnel connecting the two. The typical work flow includes the following steps:

Create and configure an Azure VPN gateway (virtual network gateway)

Create and configure an Azure local network gateway that represents your on-premises network and VPN device

Create and configure an Azure VPN connection between the Azure VPN gateway and the local network gateway

Configure the on-premises VPN device represented by the local network gateway to establish the actual S2S VPN tunnel with the Azure VPN gateway

You can complete steps 1 through 3 using the Azure portal, PowerShell, or CLI. The last step involves configuring the on-premises VPN devices outside of Azure. This feature allows you to download a configuration script for your VPN device with the corresponding values of your Azure VPN gateway, virtual network, and on-premises network address prefixes, and VPN connection properties, etc. already filled in. You can use the script as a starting point, or apply the script directly to your on-premises VPN devices via the configuration console.

Important

The syntax for each VPN device configuration script is different, and heavily dependent on the models and firmware versions. Pay special attention to your device model and version information against the available templates.

Some parameter values must be unique on the device, and cannot be determined without accessing the device. The Azure-generated configuration scripts pre-fill these values, but you need to ensure the provided values are valid on your device. For examples:

Interface numbers

Access control list numbers

Policy names or numbers, etc.

Look for the keyword, "REPLACE", embedded in the script to find the parameters you need to verify before applying the script.

Some templates include a "CLEANUP" section you can apply to remove the configurations. The cleanup sections are commented out by default.

Download the configuration script from Azure portal

Create an Azure VPN gateway, local network gateway, and a connection resource connecting the two. The following page guides you through the steps:

Apply the configuration script to your VPN device

After you have downloaded and validated the configuration script, the next step is to apply the script to your VPN device. The actual procedure varies based on your VPN device makes and models. Consult the operation manuals or the instruction pages for your VPN devices.